Traditional computer programming requires an author to tell a machine exactly what to do. Machine learning flips this paradigm on its head, requiring the programmer to know only the correct output, not how that output was generated. This magic is made possible, in part, by representing problems as mathematical equations — networks that process input to arrive at correct output.

Neural networks are one of two fundamental features in machine learning that permit automated learning — digitizing the ability to solve future, unknown problems given examples of currently known solutions. The neural network represents the "machine" of machine learning. Although neural networks represent, as a singular artificial neuron, intuitive mathematics, the layering and scale found in real-world neural networks, not to mention the relation to neuroscience, may make the concept unfamiliar at first blush.

Background

In the 1940s, Warren McCulloch, a neurophysiologist, and Walter Pitts, a logician, realized that one of the most advanced machines in existence — the human brain — relied on incredibly simple neurons that themselves could be represented as individual functions. A neuron receives input through a dendrite, processes that input in the nucleus, and produces an output sent along an axon; artificial neurons could be built to take input in the form of numbers, process the input via some type of algorithm, and pass the result of the neuron forward. Although this sounds complicated, it relies on simple mathematics.

The following mathematical formula may be considered a single neuron — a single neural network — just before the activation function is applied:

The intermediate output is then run through an activation function. Like a ReLU: if the intermediate output is less than zero, the final output is zero; if more than or equal to zero, the final output is one. In short, if each of these variables is set just right, the artificial neuron will produce correct output to a specific — and potentially useful — problem.

Interestingly, although the neuron just described is the brain behind some of the most complex artificial intelligence architectures today, the idea went dormant in the decades after its release. This dormancy remained despite Frank Rosenblatt's work on automatically updating the neuron's variables to receive more and more correct output. As a quote from 1958 portrays: "We are now about to witness the birth of such a machine — a machine capable of perceiving, recognizing and identifying its surroundings without any human training or control."

The Universal Approximation Theorem

What Professor Rosenblatt was referring to, and what was not practically possible until the recent artificial intelligence era, was the universal approximation theorem: any real-world problem which is able to be mathematically mapped as a continuous function can be solved with nearly-perfect accuracy by using a neural network. In other words, if a neural network is large enough, it can solve any real-world problem that may be mathematically described.

Consider the AND gate. If the bias term is set to negative two and both weights to one, the network correctly produces the right output for all combinations of input — from (0,0) to (1,1). But what if instead of the AND gate, we wanted to represent the logical XOR gate? A single neuron does not work. What Rosenblatt was considering was the layering of one neuron with other neurons — which can, theoretically, answer problems like the XOR gate by combining a NAND neuron with an OR neuron. These layers are where the concept of a "deep" neural network comes from. The more layers, the deeper the network.

Limitations

Input-output constraints

Neural networks operate by considering input and producing output. If a problem cannot be molded into that workflow — a mathematical input-to-output — then a neural network will be no good at solving the problem. Although there are an infinite number of colors that exist in the real world, computers can only represent colors in a finite and limited way, using a series of red, green, and blue pixel values. Although color itself is continuous in the natural world, computers must downgrade those colors in the digital world to operate on them — something which, in some ways, is unavoidably reductionist.

Inscrutability and traceability

It can sometimes be useful to think of machine learning models as inscrutable, given the difficulty of tracing particular inputs to particular outputs. However, that thinking elides the fact that these networks are surely accessible in some fashion. Neural networks do not produce truly random output. A neural network taught to recognize hand-written digits will not suddenly be able to distinguish between images of cats and dogs. Even "random" and untoward outcomes of advanced neural networks that have learned undesired behaviors — like Microsoft's Tay — have a traceable path.

Finite mathematical goals

Neural networks have finite and mathematical goals in mind. The AND gate from above was told exactly what type of output was correct: zero or one. The world, according to that neural network, consisted of no more than zeros and ones. The same is true of neural networks used to drive vehicles or generate art. The network is approximating a problem by rudimentarily turning that problem into a mathematical equation. This means that unless the mathematical problem incorporates values we as a society care about — like equality — the network will simply not consider them.

Conclusion

It was not until recently that researchers began layering neurons in such a massive fashion that the aims of McCulloch, Pitts, and Rosenblatt came to fruition. These networks are beginning to match or outperform humans at a variety of tasks, though those breakthroughs are coming from scale rather than invention. Network types have been showing improvements in recent years: convolutional neural networks became popular for vision, generative adversarial networks started a generative trend, and diffusion models have more recently taken hold. And yet, the core of these networks, so far, has remained the groundwork laid by McCulloch, Pitts, and Rosenblatt.

Systems that rely on "more compute" to achieve better performance may get an architectural update in the future — one that could unlock performance boosts that seem limited when scale plateaus. For the moment, however, neural networks can still be abstracted, in some sense, to the perceptron from the 1950s, meaning that the understanding laid out above will continue to capture the essence of artificial intelligence for the foreseeable future.

What happens when artificial intelligence is given the power to make life-and-death decisions? Is it ever desirable for a machine to decide if a human lives or dies — and if so, what types of restrictions should be placed around weapons capable of making these decisions?

In the international law context, these types of weapons are known as "lethal autonomous weapons systems" — weapons that, after being turned on, select and engage targets without human intervention. These weapons represent one of the many difficult areas that have been upended by artificial intelligence. Accountability gaps, alignment with "just" war practices, and moral or ethical qualms with machines taking human lives are just a few of the headline issues in this area.

Technical

In the autonomous weapons hierarchy, LAWS sit second from the top. At the bottom are in-the-loop systems — those that require a human to "complete the loop," weapons that do not work without human engagement, like a single-action trigger pistol. Next up are on-the-loop systems, where the system may operate in a semi-autonomous mode, but a human remains a crucial component and is always able to intervene. Finally, out-of-the-loop systems are those that, once activated, select and engage targets without human intervention or control — these are LAWS.

It is worth noting that even the definition of LAWS has seen a large amount of contention. The mostly accepted definition is, in fact, narrow: LAWS refer specifically to situations where a weapons system both "selects" and "engages" targets. A sentry gun, once activated, fits this bill. Practical examples include the United States Navy's Phalanx system and Israel's Iron Dome — each may allow for human control, but a human's ability to monitor and react pales in comparison to the machine.

Some of the confusion in demarcating first- to second- to third-loop systems may come from thinking that current-day technology is more capable than it really is. If there existed a machine that not only selects and engages targets on its own but also possesses something akin to moral agency — debating the merits of actions with logical reasoning or seeming to express free will — then the definition of "fully" autonomous seems like it should take on a new meaning. These fourth-loop systems do not yet exist. Today, only tools wielded by operators exist, even if the orders given to these tools have changed from a required physical gesture to turning on a device that comes with selection and engagement functionality.

The civilian development connection

A final technical consideration relates to the development of LAWS happening in parallel with consumer products. For a weapons system to "select" and "engage" a target, it must have the ability to both locate that target and make a reasoned decision on whether to engage. Autonomous vehicles must also see the road and make decisions based on that vision. Two points follow: the underlying technology — computer vision — in each use case is very similar, meaning consumer-focused companies improving AI products are, in some ways, pushing the cutting edge for military developments as well. And making long-lasting regulatory decisions about a technology in a rapid state of development is extraordinarily difficult.

Legal

The use of LAWS on the battlefield must comply with international humanitarian law (IHL) and international criminal law. IHL requires that all legal weapons systems maintain principles including necessity, distinction, and proportionality. In general terms, the machine could not be used unless it were able to understand context in terms of the appropriate use of force and distinguish between appropriate and inappropriate targets — combatants versus civilians.

Many countries were quick to support a preemptive ban on LAWS prior to their use on the battlefield. Missing among proponents of a ban, however, were countries like Israel, Russia, the United Kingdom, the United States, and South Korea. That voluntary preemptive bans have not reached unanimity does not mean LAWS are always legal — it means the legal framework remains genuinely contested.

There are concerns over the decisions made by LAWS given the potential for an accountability gap that could incentivize lawlessness — casting doubt on any type of permitted use. The machine's actions will lack a mens rea, thereby obviating the ability of criminal law to incentivize responsible use. At least in part, these concerns may be tempered when considering that only third-loop systems exist: a human operator will have nevertheless made a decision to use the autonomous weapons system in the first place.

Conclusion

Automated weapons systems are currently and will continue to be found on the battlefield. These systems are increasingly capable of replacing human soldiers, could potentially change the way war operates on a global scale, and present complex ethical, moral, and legal issues that are difficult to reach global consensus on. Countries around the world are continuing to support a ban on LAWS, but holdouts remain — adding support for the regulation of LAWS in a way that creates reasonable boundaries on use rather than preemptive bans. Discussions over accountability and compliance with IHL are ongoing, and will likely continue to be so due to rapid innovation, political tensions, and issues over international harmonization.

Artificial intelligence's current era predominantly rests on scale. Massive amounts of data, large models, and cutting-edge hardware have given rise to AI performance that matches or outpaces human expertise on a variety of tasks. But data, in machine learning, is not created equal.

Some data, like a social security number, has privacy or sensitivity implications. Other data, like creative works of expression, has legal implications such as copyright. And still other data is simply low quality — not enough of it to be useful, or too unique to draw patterns from. Moreover, there exists a reasonable question of whether scale itself will plateau: Is there enough data in the world to maintain the appetite of the massive machine learning models we are creating?

What all of this pushes toward is synthetic data — a potential solution for a variety of data problems. Generative AI is a general-purpose tool with many applications, though image generators and deepfakes often take the limelight. Of particular interest to privacy scholars, however, generation can also be pointed at tabular data found in a dataset.

Terminology

Synthetic data is a term with at least two meanings found in the literature, and the difference is one of process: how was the synthetic data created? The original concept refers to the creation of a "dummy" dataset by cloning a "real" dataset in terms of the original dataset's statistical properties. For example, creating a synthetic dataset of an array of numbers — replicating its density and randomness — could produce a replica dataset that has similar statistical properties and may be used in place of the original.

The newer meaning likewise refers to the creation of a dummy dataset based on a real dataset, but the process is through generative artificial intelligence rather than careful assessment. Machine learning can figure out on its own what statistical properties to focus on — all the developer needs to do is train a model on real data with the goal of producing similarly-looking replica data.

Privacy

The idea that synthetic data can be used in machine learning is appealing. What could be the downside of removing the barriers of low-quality data by replacing it with new, high-quality data? This motivation and appearance-based perspective, however, elides the potential privacy concerns that synthetic data encumbers.

Similar to the failures of anonymization experienced by the AOL search-query debacle and the Netflix Prize affair, synthetic data is vulnerable to unverified claims of anonymity. In those two privacy failures, AOL and Netflix made efforts to anonymize their datasets before releasing them into the wild, using techniques like generalization (turning zip codes into country names) or suppression (replacing the last four digits of a social security number with asterisks). These techniques make datasets appear anonymous. But given the large amount of data existing beyond siloed datasets, researchers and journalists in both cases were able to patch up the holes in sanitized data and reidentify individuals.

Synthetic data presents largely unverified claims of anonymity, though it does have notable advantages: it is generative rather than subtractive, using noise to replace data rather than removing it entirely. Computer science researchers looking into synthetic data's privacy properties have identified "highly variable privacy gain" and "unpredictable utility loss." On top of this, there is a legal concern that "vanilla" synthetic data — generative data that did not undergo additional privacy-preserving processing like differential privacy — will be accepted as sufficient sanitization by certain data-protective statutes without thorough analysis of the risks.

The Privacy–Utility Tradeoff

It is undeniable that some amount of synthetic data is useful to artificial intelligence. It is nearly unanimous practice to use a simple type of synthetic data via single-image data transformations — flipping an image horizontally or zooming in — when training image generators. Moreover, most production models used by large companies are trained on more advanced synthetic data to balance training datasets. But when improperly used, synthetic data makes promises it cannot keep.

Researchers are starting to look into more formal guarantees of privacy using tools like differential privacy, which "allows one to learn the statistics of a group without also learning the statistics of the individuals making up the group." Adding differential privacy to a synthetic data pipeline seeks to offer a best-of-both-worlds approach — privacy plus utility — but inherits issues with a necessary amount of data loss. Whenever non-real data is added to a dataset, a tradeoff occurs between privacy and utility.

Conclusion

The aim of future work is to better balance the privacy–utility tradeoff using synthetic data in a way that allows the data to be useful, but private. That balance has not yet been struck. What is clear is that as machine learning models grow and the appetite for training data outpaces what the world can organically supply, synthetic data will move from an interesting research curiosity to a foundational infrastructure of the field — bringing its unresolved questions with it.